TD Bank 2007 Annual Report Download - page 73


TD BANK FINANCIAL GROUP ANNUAL REPORT 2007 Management’s Discussion and Analysis 69

Technology and information risk exposures associated with the operational integrity and security of our information, systems and infrastructure are actively managed through the implementation of enterprise-level technology risk and information security management programs that are patterned on industry best practices and our operational risk management framework. These management programs include robust threat and vulnerability assessments, security and disciplined change management practices.

Business Continuity Management

Business Continuity Management is a vital and integral part of our operational risk management framework. It includes maintaining enterprise-wide business continuity management practices, which allow the executive and senior management to continue to manage and operate their business under adverse conditions, through the execution of resilient strategies, recovery objectives, business continuity and crisis management plans and communication protocols. All areas maintain and regularly test business continuity plans to address the loss or failure of any component on which critical functions depend.

Outsourcing Management

Outsourcing is any arrangement where a service provider performs a business activity, function or process on our behalf that we could normally be expected to perform ourselves.

Outsourcing business activities are beneficial by providing access to leading technology, specialized expertise, economies of scale and operational efficiencies. While these arrangements bring benefits to our businesses and customers, we recognize that there are attendant risks that need to be managed. To minimize our exposure to risks related to outsourcing, we maintain an enterprise-level outsourcing risk management program that includes specifying minimum standards for due diligence and ongoing monitoring of service providers, according to significance of the particular outsourcing arrangement.

Regulatory and Legal Risk

Regulatory risk is the risk of not complying with regulatory and comparable requirements. Legal risk is the risk of non-compliance with legal requirements, including the effectiveness of preventing and handling litigation.

Financial services is one of the most closely regulated industries, and the management of a financial services business such as ours is expected to meet high standards in all business dealings and transactions. As a result, we are exposed to regulatory and legal risk in virtually all of our activities. Failure to meet regulatory and legal requirements not only poses a risk of censure or penalty, and may lead to litigation, but also puts our reputation at risk. Financial penalties, unfavourable judicial or regulatory judgments and other costs associated with legal proceedings may also adversely affect the earnings of the Bank.

Regulatory and legal risk differs from other banking risks, such as credit risk or market risk, in that it is typically not a risk actively or deliberately assumed by management in expectation of a return. It occurs as part of the normal course of operating our businesses.

WHO MANAGES REGULATORY AND LEGAL RISK

Business units and corporate areas are responsible for managing day-to-day regulatory and legal risk, while the Legal and Compliance Departments assist them by providing advisory and oversight services.

The Compliance Department is responsible for the risk-based identification and effective monitoring of regulatory risk across our organization, and is charged with ensuring that key day-to-day business controls are sufficiently robust to maintain compliance with applicable legislation.

Internal and external Legal counsel also work closely with the business units and corporate functions to identify areas of potential regulatory and legal risk, and actively manage them to reduce the Bank’s exposure.

HOW WE MANAGE REGULATORY AND LEGAL RISK

Our Code of Conduct and Ethics helps set the “tone at the top” for a culture of integrity within our organization. The Code stipulates that concern for what is right should be the first consideration in all business decisions and actions, and that includes compliance with the law. All directors, officers and employees are required to attest annually that they understand the Code and have complied with its provisions.

Business units and corporate areas manage day-to-day regulatory and legal risk primarily by implementing appropriate policies, procedures and controls. The Legal and Compliance Departments assist them by:

• Communicating and advising on regulatory and legal requirements and emerging compliance risks to each business unit as required;
• Implementing or assisting with policies, procedures and training;
• Independently monitoring and testing for adherence to regulatory and legal requirements, as well as the effectiveness of associated key internal controls;
• Tracking, escalating and reporting significant issues and findings to senior management and the Board; and
• Liaising with regulators as appropriate regarding new or revised legislation, or regulatory examinations.

Additionally, enterprise-wide management of legal and regulatory risk is carried out through the Legislative Compliance Management Program (LCM) run by the Compliance Department. Through LCM, legislative requirements and associated key controls are assessed across the organization, using a risk-based approach. Where any gaps are identified, action plans are implemented and are tracked on a regular basis. Business senior management must attest annually in writing as to compliance with applicable legislative requirements and measures taken to address gaps. Based upon these attestations, the Chief Compliance Officer provides an annual LCM certification to the Audit Committee of the Board.

Finally, while it is not possible to completely eliminate legal risk, the Legal Department also works closely with business units and other corporate areas to draft and negotiate legal agreements to manage those risks, to provide advice on the performance of legal obligations under agreements and applicable legislation, and to manage litigation to which the Bank and its subsidiaries are a party.

Reputational Risk

Reputational risk is the potential that negative publicity, whether true or not, regarding an institution’s business practices, actions or inactions, will or may cause a decline in the institution’s value, liquidity or customer base.

A company’s reputation is a valuable business asset in its own right, essential to optimizing shareholder value and, as such, is constantly at risk. Reputational risk cannot be managed in isolation from other forms of risks. All risks can have an impact on reputation, which in turn can impact the brand, earnings and capital. Credit, market, operational, insurance, liquidity and regulatory and legal risks must all be managed effectively in order to safeguard the Bank’s reputation.

We have an enterprise-wide Reputational Risk Management Policy, approved by the Risk Committee of the Board. This policy established a framework under which each business unit is required to implement a reputational risk policy and procedures,